Researchers at Check Point Research (CPR), a division of Check Point Software Technologies Ltd., studied a Trojan called XLoader over the past six months. XLoader allows attackers to steal passwords and other personal information, take screenshots and remotely run malicious files. Previously, XLoader only infected Windows computers, but now researchers have found that this Trojan has been adapted for Mac as well.

XLoader evolved from Formbook, a well-known malware family. The Formbook went out of sale in 2018, and reappeared in 2020 under the name XLoader.

Security professionals are particularly worried that this malware, sold on the dark web, costs only $49, which makes it possible for literally anyone to buy it and steal information from users of both Windows and Mac.

Typically, cybercriminals infect systems with this Trojan by sending the victim an email with an infected Microsoft Office document attached. Thus, the advice not to open attachments in emails that seem suspicious, not to follow links in emails, and so on, are still very important.

In addition, XLoader is not difficult for the user to find. You can do it like this:

Go to /Users/[username]/Library/LaunchAgents
Look at the names in this directory and make sure that there are no suspicious files – such as, for example, com.wznpVSt83Jsd.HPiT0f4Hwxh.plist (the name is random, given as an example only).

Such a check will be quite handy: XLoader runs stealthily, which means that the user of the infected Mac doesn’t notice anything suspicious.